Botnet Installing NiceRAT Malware

June 13, 2024, 1:33 p.m.

Description

This analysis discusses the proliferation of botnets constructed through the distribution of malware disguised as legitimate software. These botnets are subsequently leveraged to install additional malware strains, including NiceRAT, a Python-based Remote Access Tool (RAT) capable of collecting system information, browser data, and cryptocurrency wallet details for exfiltration. The report highlights the persistent nature of these botnets, which have been operational since 2019, underscoring the importance of user vigilance when downloading software from untrusted sources.

Date

Published: June 13, 2024, 12:49 p.m.
Created: June 13, 2024, 12:49 p.m.
Modified: June 13, 2024, 1:33 p.m.

Indicators

Attack Patterns

NiceRAT

T1556.003

T1027.004

T1021.004

T1497.003

T1053.005

T1497.001

T1012

T1555

T1071.001

T1518.001

T1489

T1082

T1083

T1570